feat: add reentrancy protection for external calls and token transfers#172
Merged
greatest0fallt1me merged 2 commits intoSep 28, 2025
Merged
Conversation
Contributor
|
Nicely done. Appreciate your work on this! @ikemHood |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
📋 Basic Information
Type of Change
Related Issues
Priority Level
📝 Detailed Description
What does this PR do?
Why is this change needed?
How was this tested?
reentrancy_guard.rsusingenv.register_contract+env.as_contract.Alternative Solutions Considered
🏗️ Smart Contract Specific
Contract Changes
Oracle Integration
invoke_contract)Market Resolution Logic
Security Considerations
🧪 Testing
Test Coverage
Test Results
Manual Testing Steps
voteconcurrently during an external call path (e.g., fee collection or oracle fetch) — second call should fail withREENTRANCY_GUARD_ACTIVE.claim_winningswhile a guarded transfer is in-flight — reentry should be blocked.fetch_oracle_result) then attempt to reenter other entrypoints — blocked until guard released.📚 Documentation
Documentation Updates
Breaking Changes
🔍 Code Quality
Code Review Checklist
Performance Impact
Security Review
🚀 Deployment & Integration
Deployment Notes
REENTRANCY_GUARD_ACTIVEandEXTERNAL_CALL_FAILEDerrors where applicable.Integration Points
REENTRANCY_GUARD_ACTIVEoccurrences.📊 Impact Assessment
User Impact
Business Impact
✅ Final Checklist
Pre-Submission
Review Readiness
🔗 Implementation Summary (Files Touched)
contracts/predictify-hybrid/src/reentrancy_guard.rscontracts/predictify-hybrid/src/errors.rscontracts/predictify-hybrid/src/lib.rscontracts/predictify-hybrid/src/voting.rscontracts/predictify-hybrid/src/fees.rscontracts/predictify-hybrid/src/oracles.rscontracts/predictify-hybrid/src/resolution.rscontracts/predictify-hybrid/src/markets.rsKey Entry Points Guarded
PredictifyHybrid::votePredictifyHybrid::claim_winningsPredictifyHybrid::dispute_marketPredictifyHybrid::vote_on_disputePredictifyHybrid::resolve_disputePredictifyHybrid::collect_feesPredictifyHybrid::extend_marketPredictifyHybrid::fetch_oracle_result(delegates to guarded oracle client)External Call Sites Guarded
VotingUtils::transfer_stake,VotingUtils::transfer_winnings,FeeUtils::transfer_fees_to_admin,FeeManager::process_creation_feeReflectorOracleClient::{lastprice, price, twap}New Errors
REENTRANCY_GUARD_ACTIVE (600)EXTERNAL_CALL_FAILED (601)